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(54) Mobile phone incorporating security firmware 



(57) In accordance with the disclosed method and 
arrangement, for purpose of client authentication, pri- 
vate keys for digital certificates, or in general, any pri- 
vate or secret information that is necessary for client au- 
thentication can be stored in a personal SIM-card/smart- 
card and used in combination with the mobile telephone 
as a security gateway upon establishment of a IPsec 
tunnel. An employee staying away from his ordinary of- 
fice may, by means of a personal independent access 



unit functioning as a security gateway, communicate 
with the protected Intranet of his employer. Such a sce- 
nario enables the employee to borrow any remote host 
in order to access the Intranet by means of a mobile 
communication network or a fix network, e.g. PSTN. 

The solution is to move the security function to the 
mobile telephone or the independent access unit, pref- 
erably a wireless independent access unit, where a 
lightweight security gateway or firewall is implemented. 
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Description 

FIELD OF INVENTION 

[0001 ] The present invention relates to a method and 5 
arrangement for data protection (security) via encryp- 
tion/decryption for network communication. 

DESCRIPTION OF RELATED ART 

[0002] Traditionally, the Internet has no provision for 
security and, if measures are not taken, communicating 
parties can be the target of passive and active attacks 
such as eavesdropping, spoofing, hijacking, replay and 
denial of service, etc. Similarly, computers directly con- 
nected to the Internet may be the targets of attacks that 
exploit security flaws in the operating system or Internet 
services to inject data viruses or so called Trojan horses. 
For security, data is often protected before being sent 
on the network. The computer themselves are carefully 
scrutinized to close any possible holes in order to avoid 
intrusion. 

[0003] The Internet Protocol (IP) formally specifies 
the format of Internet packets, called datagrams, and 
informally embodies the ideas of connectionless deliv- 
ery. Analogous to a physical frame, the IP datagram is 
divided into header and data areas. Among other infor- 
mation, the datagram header contains the source and 
destination IP addresses, fragmentation control, prece- 
dence, and a checksum used to catch transmission er- 
rors. Besides fixedlength fields, each datagram header 
can contain at least one option field. The option field is 
of variable length, depending on the number and type 
of options used as well as the size of the data area al- 
located for each option. 

[0004] The idea of layering is fundamental in protocol 
design because it provides a conceptual framework for 
protocol design. In a layered model, each layer handles 
one part of the communication problem and usually cor- 
responds to one protocol. Protocols follow the layering 
principle, which states that the software implementing 
layer "n" on the destination machine receives exactly 
what the software implementing layer "n" on the source 
machine sends. In practice, protocol software uses mul- 
tiplexing and demultiplexing to distinguish among mul- 
tiple protocols within a given layer, making protocol soft- 
ware more complex than the layering model suggests. 
[0005] Encrypting/decrypting data has been per- 
formed by complex security software within applications 
or, to simplify the applications, encrypting/decrypting 
has been performed within the protocol stack of network 
protocols. 

[0006] Internet Protocol (IP) provides one of the two 
major protocols used in internetworking. A user consid- 
ers the Internet as a single virtual network that intercon- 
nects all hosts, and through which communication is 
possible; its underlying architecture is both hidden and 
irrelevant. Conceptually, an IP internet provides three 



set of services in three dependent layers. The three lay- 
ers will be disclosed in more details below. 
[0007] In figure 2 is depicted the three layers of a IP 
stack internet according to prior art; their arrangement 
in figure 2 suggests dependencies among them. At the 
lowest level 1, a connectionless delivery service pro- 
vides a foundation on which everything rests. At the next 
level 2, a transport service provides a higher platform 
on which applications depend. I.e., internet software is 
designed around three conceptual networking services 
arranged in a hierarchy, 

[0008] Enterprises build Intranets surrounded by fire- 
walls that are filtering incoming traffic in order to protect 
internal corporate networks from Internet attacks. To this 
end, firewall computers, which have direct access to a 
network, may be used to prevent unauthorized access 
to internal/private networks. In addition, for mobile us- 
ers, in order to protect communication between a re- 
mote host and the corporate Intranet across the Internet, 
encrypted channels are used, i.e. a secure tunnel 
through the Internet. The security is achieved by scram- 
bling the data by using cryptography - secret writing - 
and is called Virtual Private Networking (VPN). The In- 
ternet Engineering Task Force (IETF) is standardizing 
the IPsec protocol suite that can be used for this. The 
suite defines how to authenticate peers and negotiate 
encryption keys in order to establish secure network 
channels between parties. 

[0009] The IPsec protocol is a set of security exten- 
sions providing privacy and authentication services by 
using modern cryptographic methods. It can protect all 
traffic against unauthorized modification and eaves- 
dropping and securely authenticate the parties commu- 
nicating with each other. However, traffic travelling out- 
side the secured boundaries of networks protected by 
VPN need separate protection. 
[0010] In a system using IPsec, in order to protect the 
contents of an IP datagram, the data is transformed us- 
ing cryptography. There are two main transformation 
types that form the building blocks of IPsec, the Authen- 
tication Header (AH) transformation, and the Encapsu- 
lating Security Payload (ESP) transformation. 
[0011] The Authentication Header (AH) provides au- 
thentication (data origin authentication, connectionless 
integrity, and anti-replay protection services) to a data- 
gram. It protects all the data in the datagram from tam- 
pering as specified in the Security Association, including 
the fields in the header that do not change in transit. AH 
has been designed to just provide integrity. A deficiency 
with AH is that it does not provide confidentiality, 
[0012] The ESP header provides confidentiality, data 
origin authentication, connectionless integrity, anti-re- 
play protection, and limited traffic flow confidentiality. It 
does this by encrypting the contents of the datagram as 
specified by the Security Association. The ESP trans- 
formations encrypt and decrypt portions of datagrams, 
optionally wrapping or unwrapping the datagram within 
another IP datagram. Optionally ESP transformations 
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may perform data integrity validation and compute an 
Integrity Check Value (ICV) for the datagram being sent. 
[0013] Before a secure session can begin, the com- 
municating parties need to negotiate the terms for the 
communication. These terms are the ones that are de- 
fined in the Security Association (SA). There needs to 
be an automated protocol to establish the SA to make 
the process feasible in a global network like the Internet. 
This automated protocol is the Internet Key Exchange 
(IKE). IKE is meant for establishing, negotiating, modi- 
fying, and deleting SA:s. It securely produces random 
short-term session keys for the hosts and authenticates 
the hosts using shared secrets (passwords), or crypto- 
graphicaly using certificates. 
[0014] The IKE key negotiation and exchange works 
in two phases. During the first phase, IKE establishes a 
secure channel for further negotiation traffic and defines 
the security association to be used during the negotia- 
tions. During the second phase, it negotiates a security 
association to be used by IPsec. Although the first phase 
is time consuming, in the end, time is saved as the more 
frequent second phase negotiations can be performed 
faster after the first phase negotiations have been per- 
formed. 

[0015] The remote host also needs the security soft- 
ware to handle this connection. The patent "Data En- 
cryption/Decryption for Network Communication", WO- 
9726731 A1 , proposes a method wherein the remote 
host system software is modified. A security network 
driver software, such as IPsec, is inserted between the 
network protocol IP and the corresponding network driv- 
er. Security measures are performed upon the network 
packets before the network packets are passed to the 
network protocol IP from the application programming 
interface. A security network driver is used along with 
two encryption/decryption libraries for added data secu- 
rity. A network driver and additional hardware are also 
used in communication with the networks. Thus, all IP 
traffic is transparently encrypted/decrypted (tunneled). 
This set-up can be used by mobile subscribers using the 
mobile telephone as a modem to connect to an Intranet 
through the Internet. To this end, the IPsecprotocol suite 
needs to be installed as the security network driver in 
the remote host. 

[001 6] A deficiency with the method described in WO- 
9726731 A1 is that the remote host, i.e. the host of the 
mobile user, has to be adapted to handle IPsec tunnels. 
Considering the large amount of already deployed hosts 
(laptops, workstations, PCs) and the diversity of oper- 
ating systems and their versions, this is an unfeasible 
solution. Furthermore, upgrades can affect the installed 
security gateway. 

[0017] Another deficiency with the method described 
in WO-9726731 A1 is that only a specialized crew, not 
the common user, can perform the installation and con- 
figuration of such low-level security network modules. 
[0018] A further deficiency with the method described 
in WO-9726731 A1 is that IPsec is being slowly adopted 



and it will take a long time until the computer industry 
will include IPsec as a standard component in a com- 
mercial operating system for potential remote hosts. 
Nevertheless, on the Intranet market, several compa- 

5 nies are offering IPsec as a component in firewall com- 
puters or as a standalone IPsec security gateway. In 
more details, several companies have already intro- 
duced one side of IPsec, namely the side protecting the 
site of the company. The other side, i.e. the remote host, 

10 is difficult to provide with IPsec. 

[0019] Another deficiency with the method described 
in WO-9726731 A1 is that users inadvertently may 
download malicious software when accessing the Inter- 
net. Data viruses can remove, disable or modify the se- 

15 curity software of the remote host, without the knowl- 
edge of the user. A data virus may also harm or even 
destroy the operating system of a host. 

SUMMARY OF THE INVENTION 

20. 

[0020] Today, when a user, who stays away from the 
premises of his Intranet, wants to communicate with 
said Intranet, has to use a security system using a se- 
curity network driver software in order to protect the 
25 transmission of data between the Intranet and the re- 
mote host, i.e. the computer used by said user to com- 
municate with his Intranet. 

[0021] The main problem with security systems using 
a security network driver software is that the remote 
30 host, i.e. the computer used by the mobile user, has to 
be adapted to handle IPsec tunnels. With the large 
amount of already deployed hosts (laptops, worksta- 
tions, PCs) and a diversity of operating systems and 
their versions, this is an unfeasible solution. Further- 
35 more, upgrades are also difficult to maintain and per- 
form for such scenario. 

[0022] Another problem with security systems using 
a security network driver software is that installation and 
configuration of such low-level security network mod- 
40 ules (i.e. operating system dependent) may only be per- 
formed by experienced personnel and not by the com- 
mon user. 

[0023] A further problem with security systems using 
a security network driver software is that users may, in- 
45 advertently, download malicious software when access- 
ing the Internet. Data viruses may remove, disable or 
modify the security software of the remote host without 
the knowledge of the user. 

[0024] A yet further problem with security systems us- 
50 ing encrypting and encapsulating is that the process in- 
cluding encapsulating/ decapsulating and encrypting 
/decrypting of network packets may require a large por- 
tion of the processing power of a computer. 
[0025] The arrangement disclosed herein comprises 
55 an independent access unit provided with firmware. 
Firmware is a software stored in some sort of read-only 
memory module in order to provide better security. 
Firmware cannot be modified by external data viruses. 



25 



30 



35 



40 



45 



50 



3 



5 

[0026] In accordance with the disclosed method and 
arrangement, for purpose of client authentication, pri- 
vate keys for digital certificates, or in general, any pri- 
vate or secret information that is necessary for client au- 
thentication can be stored in a personal SIM-card/smart- s 
card and used in combination with the mobile telephone 
as a security gateway upon establishment of a IPsec 
tunnel. An employee staying away from his ordinary of- 
fice may, by means of a personal independent access 
unit functioning as a security gateway, communicate 
with the protected Intranet of his employer. Such a sce- 
nario enables the employee to borrow any remote host 
in order to access the Intranet by means of a mobile 
communication network or a fix network, e.g. GSM, CD- 
MA, PSTN. 

[0027] The solution is to move the security function to 
the mobile telephone or the independent access unit, 
preferably a wireless independent access unit, where a 
lightweight security gateway is implemented. 
[0028] In this solution, in contrast to prior art wherein 
the security layer is located inside the remote host, the 
security management is provided in the mobile tele- 
phone. The IPsec firmware and key management are 
located inside the mobile telephone, where it cannot be 
affected by potential attacks. 
[0029] According to one advantageous embodiment, 
the security gateway functionality can moreover be pro- 
vided in an external hardware module that can be 
plugged into the mobile phone, enabling commercially 
available telephones to work as security gateways. 
[0030] According to a further advantageous embodi- 
ment of the invention a computer program product is 
provided, which is loadable into the internal memory of 
an independent access unit and comprises software 
portions for performing the method disclosed herein, 
when said independent access unit is activated by a 
computer. 

[0031] A purpose of the inventive method and ar- 
rangement is to provide better security for electronic de- 
vices communicating over the Internet, wherein the 
communication is provided by means of the a mobile 
communication network or a fix network. 
[0032] Another purpose of the inventive method and 
arrangement is to provide security for externally located 
electronic devices communicating over the Internet to 
an Intranet. 

[0033] A further purpose of the invention is to provide 
a security gateway being able to resist external attacks. 
Said purpose is accomplished by means of a security 
device in the form of a hardware inside the mobile tele- 
phone. 

[0034] Another purpose of the disclosed method and 
arrangement is that all security associations, such as 
keys and configuration parameters, and communica- 
tions are handled in a personal single point - the inde- 
pendent access unit. 

[0035] A yet further purpose of the disclosed method 
and arrangement is that the usage of an independent 



6 

access unit, preferably a wireless independent access 
unit, as a security gateway enables its owner to use an 
arbitrary remote host, such as a laptop or standalone 
computer, in order to access his/her Intranet. 
[0036] An advantage of the disclosed herein method 
and arrangement is that low-level security software 
does not have to be installed on the remote host. 
[0037] Another advantage of the disclosed method 
and arrangement is that all security associations, such 
as keys and configuration parameters, and communica- 
tions are handled in a personal single point - the inde- 
pendent access unit, preferably a wireless independent 
access unit. 

[0038] A further advantage of the disclosed herein 
method and arrangement is that IPsec firmware pro- 
vides better protection inside the independent access 
unit than the security that may be provided in the remote 
host, where it is likely to be attacked when the remote 
host is used to access the Intranet. 
[0039] A yet further advantage with the herein dis- 
closed method and arrangement is that a firmware can- 
not be modified by external data viruses. 
[0040] Another advantage with the disclosed method 
and arrangement is that the usage of an independent 
access unit, preferably a wireless independent access 
unit, as a security gateway enables its owner to use an 
arbitrary remote host in order to access his Intranet. 
[0041 ] In this disclosure, the term mobile telephone is 
used. A man skilled in the art understands that the meth- 
od disclosed herein also apply for any wireless tele- 
phone. Furthermore, instead of a wireless telephone, 
any independent access unit, preferably a wireless in- 
dependent access unit, may be used, the access unit 
being able to provide wireless communication. The 
communication between said access unit and an elec- 
tronic device, such as a laptop, a personal digital assist- 
ant or an ordinary computer may be provided by means 
of cables or wireless communication in the form of e.g. 
short range radio (e.g. bluetooth) or infrared light. Fur- 
thermore, in extreme cases, the communication be- 
tween said access nit and said electronic device may 
be provided by means of ultrasonic or hydrophonic com- 
munication. The security firmware may also be inserted 
inside the computer functioning as a remote host, 
wherein the computer communicates using said securi- 
ty firmware as a security gateway. 
[0042] The term "comprises/comprising" when used 
in this specification is taken to specify the presence of 
stated features, integers, steps or components but does 
not preclude the presence or addition of one or more 
other features, integers, steps, components or groups 
thereof. 

[0043] Further scope of applicability of the present in- 
vention will become apparent from the detailed descrip- 
tion given hereinafter. However, it should be understood 
that the detailed description and specific examples, 
while indicating preferred embodiments of the invention, 
are given by way of illustration only, since various 
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changes and modifications within scope of the invention 
will become apparent to those skilled in the art from this 
detailed description. 

BRIEF DESCRIPTION OF THE DRAWINGS 
[0044] 

Figure 1 is a picture illustrating the usage of the 
method and arrangement according to the 
invention. 

Figure 2 is a diagram illustrating the three layers in 
the Internet. 

Figure 3 is a flowchart of tunnel record updating 
wherein a security system according to the 
invention is used. 

Figure 4 is a diagram illustrating a security system 
for communication according to the inven- 
tion. 

[0045] The invention will now be described in more 
detail with reference to preferred exemplifying embodi- 
ments thereof and with reference to the accompanying 
drawings. 

DETAILED DESCRIPTION 

[0046] In figure 1 the usage of the method and ar- 
rangement according to the invention is illustrated. An 
employee, Mr. Smith, of an international company, e.g. 
Ericsson, is visiting Tokyo. Mr. Smith owns a mobile tel- 
ephone 1 030 provided with a SIM card having a security 
firmware according to the invention. Mr. Smith wants to 
communicate with Ericsson's Intranet 1040, which is lo- 
cated in Stockholm, Sweden. Mr Smith borrows a lap- 
top 1010 from the Hotel, where he stays during his visit 
in Tokyo. He connects the laptop 1 01 0 by means of short 
range radio communication 1 020 to his mobile. In a fur- 
ther application, a cable may be used instead of short- 
range radio com munication . I n a yet further embodiment 
of the invention, the laptop 1010 may be replaced by a 
stand-alone computer. The communication between the 
laptop 1010 and the mobile 1030 may be provided by 
means of infrared light. In a furtherembodirnent, the SIM 
card provided with the security firmware may be inserted 
in the lap top 1010. Mr. Smith is now able to communi- 
cate by means of wireless communication with Erics- 
son's Intranet 1040 in Stockholm. The wireless commu- 
nication between the mobile 1030 and the receiving 
computer may be provided through the Public Land Mo- 
bile Network (PLMN) and the Internet. In a further em- 
bodiment, satellite communication is also possible. The 
mobile 1 030 is acting as a security gateway for the com- 
munication between the Intranet 1040 and the laptop 
1010. The Intranet 1040 is provided with a receiving 



computer 1050 acting as an Intranet Security Gateway 
for the communication between the Intranet 1040 and 
the rest of the world. 

[0047] Figure 3 is a flowchart of a method for data pro- 
5 tection (security) via encryption/decryption for network 
communication according to the invention. When a user 
wants to access his Intranet from a remote host, the user 
connects his independent access unit, e.g. a mobile tel- 
ephone, provided with a security firmware according to 
to the invention to a computer (step 185), Thereafter, the 
mobile telephone establishes a connection with the In- 
ternet (step 189). Thereat, the mobile telephone con- 
tacts the Security Gateway of the Intranet (step 1 92). A 
computer, acting as a gateway to the Intranet and pro- 
fs vided with a security gateway, checks if the security 
gateway in the independent access unit, is authorized 
(step 196). If this is not the case, an error message is 
sent to the telephone. Otherwise, a security tunnel is es- 
tablished between the mobile telephone and the secu- 
re rity Gateway (step 198). Thereat, an IP connection be- 
tween the remote host and the Intranet is established. 
[0048] In figure 4 is shown the communication be- 
tween the entities according to a preferred embodiment. 
The three levels of communication is illustrated in figure 
25 4. Each protocol communicates with its logical corre- 
spondent. The communication is provided layer by lay- 
er; the TCP/UDP-layer 130 at the Remote host 100, at 
the Internet side communicates with the TCP/UDP- lay- 
er 430 at the Intranet Host 400, the IP-layer 120 at the 
30 Remote host 100 communicates with the IP-layer 420 
at the Intranet Host 400, at the Intranet side. As is shown 
in figure 4, the Remote Host 100 is not provided with a 
network security layer, i.e. installation of a network se- 
curity layer at the Remote Host 100 is not required. All 
35 security management is provided in the mobile tele- 
phone 200. The mobile telephone 200 at the Internet 
side is provided with a security gateway 230, provided 
with a firmware called IPsec in 240. The complexity of 
the security gateway functionality 230 can be held low, 
40 as only one single host needs to be protected. The hard- 
ware and the software in the mobile telephone 200 can 
be reliably implemented. On the other hand, the trust 
one can put on the Remote Host 100 is limited. Com- 
munication between the Remote Host 100 and the mo- 
45 bile telephone 200 is secure, for example by serial cable 
connecting both devices, the built-in security of the com- 
munication link (e.g. Bluetooth or some other short 
range communication), or the short range capability (in- 
frared light). The IPsec firmware 240 and the key man- 
50 agement are located inside the mobile telephone 200, 
as part of the security gateway 230, where it cannot be 
affected by potential attacks. The IPsec layer 240 in the 
mobile telephone 200 on the Internet side communi- 
cates with the IPsec layer 340 in the Security Gateway 
55 300 on the Intranet side. The Security Gateway 300 ter- 
minates the IPsec tunnel and forwards the IP packets 
from the remote host to the Intranet host. In a preferred 
embodiment, the Security Gateway 300 is located inside 
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the Intranet Host 400. In a further preferred embodi- 
ment, the security gateway 300 is a part of the host 400. 
[0049] The control of the mobile telephone Security 
Association (SA), such as keys for VPN establishment 
and security policies, can be done statically or dynami- 
cally. 

[0050] In the simple case, the SA is loaded into the 
mobile telephone by out-of-band secure means (i.e. 
static configuration). This could be done manually for 
simple configurations, or securely downloaded within 
the Intranet from an authenticated site. The mobile tel- 
ephone can also be pre-configured to get its Intranet 
network parameters within the Intranet. In such a case, 
manual I Psec would run between the telephone and the 
security gateway. 

[0051] Dynamic configuration of the IPsec tunnel and 
the remote host may also be provided according to the 
Internet Key Exchange (IKE) [RFC 2409]. In such a 
case, the IKE protocol is employed to establish an initial 
security association between the telephone and the se- 
curity gateway. This tunnel would then be used to nego- 
tiate a remote host SA. IKE has been chosen because 
said dynamic configuration provides a transportable se- 
curity gateway. Furthermore, a personal security gate- 
way provides better control and supervision. 
[0052] It should be observed that: 

• The p re-configuration of the security associations 
could be very strong and only allow access to cer- 
tain gateways or it could be very relaxed and be 
more or less under user control. 

• Implementation of the IKE protocol would allow the 
usage of Public Key Infrastructure (PKI) based key 
management. 

• Other security channels can be implemented ac- 
cording to this idea. Instead of the IPsec protocol, 
it is e.g. possible to have transport layer security 
(TLS: Transport Layer Security/SSL: Secure Sock- 
et Layer/SSH: Secure Shell/WTLS: Wireless TLS), 
simple packet filtering, or link-level encryption for 
modem connections. 

[0053] In a yet future embodiment, in a communica- 
tion system transmitting speech over an IP-channel, the 
method disclosed herein can be used. 
[0054] The invention being thus described, it will be 
obvious that the same may be varied in many ways. 
Such variations are not to be regarded as a departure 
from the scope of the invention, and all such modifica- 
tions as would be obvious to one skilled in the art are 
intended to be included within the scope of the following 
claims. 



Claims 

1. A method for transmitting data packets in a commu- 
nication system including a remote host (1010), an 

5 independent access unit (1030), and a receiving 
computer (1 050) acting as a security Gateway to an 
Intranet, characterized in that security firmware is 
located inside the independent access unit (1030), 
wherein the independent access unit (1 030) is used 

10 as a security gateway between the remote host 
(1010) and the Intranet in order to provide security 
in the communication to the remote host (1010) 
when the communication is performed over the In- 
ternet. 

15 

2. A method according to claim 1, characterized in 
that the firmware is provided in the form of IPsec. 

3. A method according to claim 1, characterized in 
20 that the firmware is provided in the form of software. 

4. A method according to claim 1 -3, characterized in 
that said remote host is a laptop or a stand alone 
computer. 

25 

5. A method according to claim 1 -3, characterized in 
that said remote host is a personal digital assistant. 

6. A method according to claim 1 , characterized in 
30 that the communication between the independent 

access unit (1030) and the remote host (1010) is 
performed by means of a wireless connection. 

7. A method according to claim 1 , characterized in 
35 that the communication between the independent 

access unit (1030) and the remote host (1010) is 
performed by means of short range radio. 

8. A method according to claim 7, characterized in 

^o that said short range radio communication is adopt- 
ed to the bluetooth standard. 

9. A method according to claim 6, characterized in 
that the communication between the independent 

45 access and the remote host is performed by means 
of infrared light 

10. A method according to claim 1, characterized in 
that client private information required per client au- 

50 thentication are stored in the personal tamperproof 
storage and used in combination with the independ- 
ent access unit as a security gateway upon estab- 
lishment of a IPsec tunnel enabling a user to borrow 
any remote host in order to access the Intranet by 

55 means of a mobile communication network or a fix 
network. 

11. A method according to claim 10, characterized in 
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that said tamperproof storage is provided in the 
form of a SIM- card/smart card. 

12. A method according to claim 1, characterized in 

that the security gateway 300 terminates the IPsec 
secure link and forwards the IP packets from the 
remote host to the Intranet host. 

13. A method according to claim 1, characterized in 
that the control of the independent access unit Se- 
curity Association SA is performed statically. 

14. A method according to claim 1, characterized in 
that the control of the independent access unit Se- 
curity Association SA is performed dynamically. 

15. A method according to claim 14, characterized in 

that the dynamic configuration is provided by 
means of Internet Key Exchange (IKE) in order to 
establish an initial security association between the 
independent access unit and the security gateway, 
thereat said secure link is used to negotiate a re- 
mote host SA. < 

16. A method according to claim 13, characterized in 
that the pre-configuration of the security only allows 
access to certain gateways. 

17. A method according to claim 13, characterized in 

that the pre-configuration is under user control. 

18. A method according to claim 15, characterized in 
that the PKI based key management is used. 

19. A method according to claim 1, characterized in 
that in that said method is used in a communication 
system transmitting speech over an IP-channel. 

20. A computer program product directly loadable into 
the internal memory of an independent access unit, 
characterized by comprising software portions for 
performing the method according to any of claims 
1-19, when the independent access unit is activated 
by a computer. 

21. An arrangement for transmitting data packets in a 
communication system including a remote host 
(1010), an independent access unit (1030), and a 
receiving computer (1050) acting as a security 
Gateway to an Intranet, 

characterized in that security firmware is located 
inside the independent access unit (1030), wherein 
the independent access unit (1 030) is used as a se- 
curity gateway between the remote host (1 01 0) and 
the Intranet in order to provide security in the com- 
munication to the remote host (1010) when the 
communication is performed over the Internet. 



22. An arrangement according to claim 21 , character- 
ized in that the firmware is provided in the form of 
IPsec. 

s 23. An arrangement according to claim 21 , character- 
ized in that the firmware is provided in the form of 
software. 

24. An arrangement according to claim 21-23, charac- 
10 terized in that said remote host is a laptop or a stand 

alone computer. 

25. An arrangement according to claim 21-23, charac- 
terized in that said remote host is a personal digital 

is assistant. 

. 26. An arrangement according to claim 21 , character- 
ized in that the communication between the inde- 
pendent access unit (1030) and the remote host 
20 (101 0) is performed by means of a wireless connec- 
tion. 

27. An arrangement according to claim 21 , character- 
ized in that the communication between the inde- 

25 pendent access unit (1030) and the remote host 
(101 0) is performed by means of short range radio. 

28. An arrangement according to claim 27, character- 
ized in that said short range radio communication 

30 is adopted to the bluetooth standard. 

29. An arrangement according to claim 26, character- 
ized in that the communication between the inde- 
pendent access and the remote host is performed 

35 by means of infrared light. 

30. An arrangement according to claim 21 , character- 
ized in that client private information required per 
client authentication are stored in the personal 

40 tamperproof storage and used in combination with 
the independent access unit as a security gateway 
upon establishment of a IPsec tunnel enabling a us- 
er to borrow any remote host in order to access the 
Intranet by means of a mobile communication net- 

45 work or a fix network. 

31. An arrangement according to claim 30, character- 
ized in that said tamperproof storage is provided in 
the form of a SIM- card/smart card. 

so 

32. An arrangement according to claim 21 , character- 
ized in that the security gateway 300 terminates the 
IPsec secure link and forwards the IP packets from 
the remote host to the Intranet host. 

55 

33. An arrangement according to claim 21 , character- 
ized in that the control of the independent access 
unit Security Association SA is performed statically. 
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34. An arrangement according to claim 21 , character- 
ized in that the control of the independent access 
unit Security Association SA is performed dynami- 
cally. 

5 

35. An arrangement according to claim 34, character- 
ized in that the dynamic configuration is provided 
by means of Internet Key Exchange (IKE) in order 
to establish an initial security association between 

the independent access unit and the security gate- 10 
way, thereat said secure link is used to negotiate a 
remote host SA. 

36. An arrangement to claim 33, characterized in that 

the pre-configuration of the security only allows ac- is 
cess to certain gateways. 

37. An arrangement according to claim 33, character- 
ized in that the pre-configuration is under user con- 
trol. 20 

38. An arrangement according to claim 35, character- 
ized in that the PKI based key management is used. 

39. An arrangement according to claim 21 , character- 25 
ized in that in that said method is used in a commu- 
nication system transmitting speech over an IP- 
channel. 

30 



35 



40 



45 



50 



55 
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